2012-06-22 11:38:01 +02:00
|
|
|
#!perl -w
|
|
|
|
|
|
|
|
=head1 NAME
|
|
|
|
|
|
|
|
clamdscan
|
|
|
|
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
|
|
|
|
A qpsmtpd plugin for virus scanning using the ClamAV scan daemon, clamd.
|
|
|
|
|
|
|
|
=head1 RESTRICTIONS
|
|
|
|
|
|
|
|
The ClamAV scan daemon, clamd, must have at least execute access to the qpsmtpd
|
|
|
|
spool directory in order to sucessfully scan the messages. You can ensure this
|
|
|
|
by running clamd as the same user as qpsmtpd does, or by doing the following:
|
|
|
|
|
|
|
|
=over 4
|
|
|
|
|
|
|
|
=item * Change the group ownership of the spool directory to be a group
|
|
|
|
of which clamav is a member or add clamav to the same group as the qpsmtpd
|
|
|
|
user.
|
|
|
|
|
|
|
|
=item * Enable the "AllowSupplementaryGroups" option in clamd.conf.
|
|
|
|
|
|
|
|
=item * Add group-execute permissions to the qpsmtpd spool directory.
|
|
|
|
|
|
|
|
=item * Make sure that all directories above the spool directory (to the
|
|
|
|
root) are g+x so that the group has directory traversal rights; it is not
|
|
|
|
necessary for the group to have any read rights.
|
|
|
|
|
|
|
|
=back
|
|
|
|
|
|
|
|
It may be helpful to temporary grant the clamav user a shell and test to
|
|
|
|
make sure you can cd into the spool directory and read files located there.
|
|
|
|
Remember to remove the shell from the clamav user when you are done
|
|
|
|
testing.
|
|
|
|
|
|
|
|
=head1 INSTALL AND CONFIG
|
|
|
|
|
|
|
|
Place this plugin in the plugin/virus directory beneath the standard
|
|
|
|
qpsmtpd installation. If you installed clamd with the default path, you
|
|
|
|
can use this plugin with default options (nothing specified):
|
|
|
|
|
|
|
|
You must have the ClamAV::Client module installed to use the plugin.
|
|
|
|
|
|
|
|
=over 4
|
|
|
|
|
|
|
|
=item B<clamd_socket>
|
|
|
|
|
|
|
|
Full path to the clamd socket (the recommended mode), if different from the
|
|
|
|
ClamAV::Client defaults.
|
|
|
|
|
|
|
|
=item B<clamd_port>
|
|
|
|
|
|
|
|
If present, must be the TCP port where the clamd service is running,
|
|
|
|
typically 3310; default disabled. If present, overrides the clamd_socket.
|
|
|
|
|
|
|
|
=item B<deny_viruses>
|
|
|
|
|
|
|
|
Whether the scanner will automatically delete messages which have viruses.
|
|
|
|
Takes either 'yes' or 'no' (defaults to 'yes'). If set to 'no' it will add
|
|
|
|
a header to the message with the virus results.
|
|
|
|
|
|
|
|
=item B<defer_on_error>
|
|
|
|
|
|
|
|
Whether to defer the mail (with a soft-failure error, which will incur a retry)
|
|
|
|
if an unrecoverable error occurs during the scan. The default is to accept
|
|
|
|
the mail under these conditions. This can permit viruses to be accepted when
|
|
|
|
the clamd daemon is malfunctioning or unreadable, but will not allow mail to
|
|
|
|
backlog or be lost if the condition persists.
|
|
|
|
|
|
|
|
=item B<max_size>
|
|
|
|
|
|
|
|
The maximum size, in kilobytes, of messages to scan; defaults to 128k.
|
|
|
|
|
|
|
|
=item B<scan_all>
|
|
|
|
|
|
|
|
Scan all messages, even if there are no attachments
|
|
|
|
|
|
|
|
=back
|
|
|
|
|
|
|
|
=head1 REQUIREMENTS
|
|
|
|
|
|
|
|
This module requires the ClamAV::Client module, found on CPAN here:
|
|
|
|
|
|
|
|
L<http://search.cpan.org/dist/ClamAV-Client/>
|
|
|
|
|
|
|
|
=head1 AUTHOR
|
|
|
|
|
|
|
|
Originally written for the Clamd module by John Peacock <jpeacock@cpan.org>;
|
|
|
|
adjusted for ClamAV::Client by Devin Carraway <qpsmtpd/@/devin.com>.
|
|
|
|
|
|
|
|
=head1 COPYRIGHT AND LICENSE
|
|
|
|
|
|
|
|
Copyright (c) 2005 John Peacock,
|
|
|
|
Copyright (c) 2007 Devin Carraway
|
|
|
|
|
|
|
|
Based heavily on the clamav plugin
|
|
|
|
|
|
|
|
This plugin is licensed under the same terms as the qpsmtpd package itself.
|
|
|
|
Please see the LICENSE file included with qpsmtpd for details.
|
|
|
|
|
|
|
|
=cut
|
|
|
|
|
|
|
|
use strict;
|
|
|
|
use warnings;
|
|
|
|
|
|
|
|
#use ClamAV::Client; # eval'ed in $self->register
|
|
|
|
use Qpsmtpd::Constants;
|
|
|
|
|
|
|
|
sub register {
|
2013-04-21 06:50:39 +02:00
|
|
|
my ($self, $qp) = shift, shift;
|
2012-06-22 11:38:01 +02:00
|
|
|
|
|
|
|
$self->log(LOGERROR, "Bad parameters for the clamdscan plugin") if @_ % 2;
|
2013-04-21 06:50:39 +02:00
|
|
|
$self->{'_args'} = {@_};
|
2012-06-22 11:38:01 +02:00
|
|
|
|
|
|
|
eval 'use ClamAV::Client';
|
2013-04-21 06:50:39 +02:00
|
|
|
if ($@) {
|
2012-06-22 11:38:01 +02:00
|
|
|
warn "unable to load ClamAV::Client\n";
|
|
|
|
$self->log(LOGERROR, "unable to load ClamAV::Client");
|
|
|
|
return;
|
2013-04-21 06:50:39 +02:00
|
|
|
}
|
2012-06-22 11:38:01 +02:00
|
|
|
|
|
|
|
# Set some sensible defaults
|
|
|
|
$self->{'_args'}{'deny_viruses'} ||= 'yes';
|
2013-04-30 04:06:47 +02:00
|
|
|
$self->{'_args'}{'max_size'} ||= 1024;
|
|
|
|
$self->{'_args'}{'scan_all'} ||= 1;
|
2012-06-22 11:38:01 +02:00
|
|
|
for my $setting ('deny_viruses', 'defer_on_error') {
|
|
|
|
next unless $self->{'_args'}{$setting};
|
2013-04-21 06:50:39 +02:00
|
|
|
if (lc $self->{'_args'}{$setting} eq 'no') {
|
2012-06-22 11:38:01 +02:00
|
|
|
$self->{'_args'}{$setting} = 0;
|
2013-04-21 06:50:39 +02:00
|
|
|
}
|
2012-06-22 11:38:01 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
$self->register_hook('data_post', 'data_post_handler');
|
|
|
|
}
|
|
|
|
|
|
|
|
sub data_post_handler {
|
2013-04-21 06:50:39 +02:00
|
|
|
my ($self, $transaction) = @_;
|
2012-06-22 11:38:01 +02:00
|
|
|
|
2013-04-21 06:50:39 +02:00
|
|
|
my $filename = $self->get_filename($transaction) or return DECLINED;
|
2012-06-22 11:38:01 +02:00
|
|
|
|
2013-04-21 06:50:39 +02:00
|
|
|
if ($self->connection->notes('naughty')) {
|
|
|
|
$self->log(LOGINFO, "skip, naughty");
|
2012-11-19 06:30:36 +01:00
|
|
|
return (DECLINED);
|
2013-04-21 06:50:39 +02:00
|
|
|
}
|
|
|
|
return (DECLINED) if $self->is_too_big($transaction);
|
|
|
|
return (DECLINED) if $self->is_not_multipart($transaction);
|
2012-06-22 11:38:01 +02:00
|
|
|
|
2013-04-21 06:50:39 +02:00
|
|
|
$self->set_permission($filename) or return DECLINED;
|
2012-06-22 11:38:01 +02:00
|
|
|
|
|
|
|
my $clamd = $self->get_clamd()
|
2013-04-21 06:50:39 +02:00
|
|
|
or return $self->err_and_return("Cannot instantiate ClamAV::Client");
|
2012-06-22 11:38:01 +02:00
|
|
|
|
2013-04-21 06:50:39 +02:00
|
|
|
unless (eval { $clamd->ping() }) {
|
|
|
|
return $self->err_and_return("Cannot ping clamd server: $@");
|
2012-06-22 11:38:01 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
my ($version) = split(/\//, $clamd->version);
|
|
|
|
$version ||= 'ClamAV';
|
|
|
|
|
2013-04-21 06:50:39 +02:00
|
|
|
my ($path, $found) = eval { $clamd->scan_path($filename) };
|
2012-06-22 11:38:01 +02:00
|
|
|
if ($@) {
|
2013-04-21 06:50:39 +02:00
|
|
|
return $self->err_and_return("Error scanning mail: $@");
|
|
|
|
}
|
2012-06-22 11:38:01 +02:00
|
|
|
|
2013-04-21 06:50:39 +02:00
|
|
|
if ($found) {
|
|
|
|
$self->log(LOGNOTICE, "fail, found virus $found");
|
2012-06-22 11:38:01 +02:00
|
|
|
|
2013-04-21 06:50:39 +02:00
|
|
|
$self->connection->notes('naughty', 1); # see plugins/naughty
|
|
|
|
$self->adjust_karma(-1);
|
2012-06-22 11:38:01 +02:00
|
|
|
|
2013-04-21 06:50:39 +02:00
|
|
|
if ($self->{_args}{deny_viruses}) {
|
|
|
|
return (DENY, "Virus found: $found");
|
2012-06-22 11:38:01 +02:00
|
|
|
}
|
|
|
|
|
2013-04-21 06:50:39 +02:00
|
|
|
$transaction->header->add('X-Virus-Found', 'Yes', 0);
|
|
|
|
$transaction->header->add('X-Virus-Details', $found, 0);
|
2012-06-22 11:38:01 +02:00
|
|
|
return (DECLINED);
|
|
|
|
}
|
|
|
|
|
2013-04-21 06:50:39 +02:00
|
|
|
$self->log(LOGINFO, "pass, clean");
|
|
|
|
$transaction->header->add('X-Virus-Found', 'No', 0);
|
|
|
|
$transaction->header->add('X-Virus-Checked',
|
|
|
|
"by $version on " . $self->qp->config('me'), 0);
|
2012-06-22 11:38:01 +02:00
|
|
|
return (DECLINED);
|
|
|
|
}
|
|
|
|
|
|
|
|
sub err_and_return {
|
2013-04-21 06:50:39 +02:00
|
|
|
my $self = shift;
|
2012-06-22 11:38:01 +02:00
|
|
|
my $message = shift;
|
2013-04-21 06:50:39 +02:00
|
|
|
if ($message) {
|
|
|
|
$self->log(LOGERROR, $message);
|
|
|
|
}
|
|
|
|
return (DENYSOFT, "Unable to scan for viruses")
|
|
|
|
if $self->{_args}{defer_on_error};
|
2012-06-22 11:38:01 +02:00
|
|
|
return (DECLINED, "skip");
|
2013-04-21 06:50:39 +02:00
|
|
|
}
|
2012-06-22 11:38:01 +02:00
|
|
|
|
|
|
|
sub get_filename {
|
|
|
|
my $self = shift;
|
|
|
|
my $transaction = shift || $self->qp->transaction;
|
|
|
|
|
|
|
|
my $filename = $transaction->body_filename;
|
|
|
|
|
2013-04-21 06:50:39 +02:00
|
|
|
if (!$filename) {
|
|
|
|
$self->log(LOGWARN, "Cannot process due to lack of filename");
|
2012-06-22 11:38:01 +02:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2013-04-21 06:50:39 +02:00
|
|
|
if (!-f $filename) {
|
|
|
|
$self->log(LOGERROR, "spool file missing! Attempting to respool");
|
2012-06-22 11:38:01 +02:00
|
|
|
$transaction->body_spool;
|
|
|
|
$filename = $transaction->body_filename;
|
2013-04-21 06:50:39 +02:00
|
|
|
if (!-f $filename) {
|
|
|
|
$self->log(LOGERROR, "skip: failed spool to $filename! Giving up");
|
2012-06-22 11:38:01 +02:00
|
|
|
return;
|
2013-04-21 06:50:39 +02:00
|
|
|
}
|
2012-06-22 11:38:01 +02:00
|
|
|
my $size = (stat($filename))[7];
|
2013-04-21 06:50:39 +02:00
|
|
|
$self->log(LOGDEBUG, "Spooled $size bytes to $filename");
|
2012-06-22 11:38:01 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
return $filename;
|
2013-04-21 06:50:39 +02:00
|
|
|
}
|
2012-06-22 11:38:01 +02:00
|
|
|
|
|
|
|
sub set_permission {
|
|
|
|
my ($self, $filename) = @_;
|
|
|
|
|
|
|
|
# the spool directory must be readable and executable by the scanner;
|
|
|
|
# this generally means either group or world exec; if
|
|
|
|
# neither of these is set, issue a warning but try to proceed anyway
|
2013-04-21 06:50:39 +02:00
|
|
|
my $dir_mode = (stat($self->spool_dir()))[2];
|
|
|
|
$self->log(LOGDEBUG, "spool dir mode: $dir_mode");
|
|
|
|
|
|
|
|
if ($dir_mode & 0010 || $dir_mode & 0001) {
|
2012-06-22 11:38:01 +02:00
|
|
|
|
|
|
|
# match the spool file mode with the mode of the directory -- add
|
|
|
|
# the read bit for group, world, or both, depending on what the
|
|
|
|
# spool dir had, and strip all other bits, especially the sticky bit
|
2013-04-21 06:50:39 +02:00
|
|
|
my $fmode =
|
|
|
|
($dir_mode & 0044) | ($dir_mode & 0010 ? 0040 : 0) |
|
|
|
|
($dir_mode & 0001 ? 0004 : 0);
|
2012-06-22 11:38:01 +02:00
|
|
|
|
2013-04-21 06:50:39 +02:00
|
|
|
unless (chmod $fmode, $filename) {
|
|
|
|
$self->log(LOGERROR, "chmod: $filename: $!");
|
2012-06-22 11:38:01 +02:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
return 1;
|
|
|
|
}
|
2013-04-21 06:50:39 +02:00
|
|
|
$self->log(LOGWARN,
|
|
|
|
"spool directory permissions do not permit scanner access");
|
2012-06-22 11:38:01 +02:00
|
|
|
return 1;
|
2013-04-21 06:50:39 +02:00
|
|
|
}
|
2012-06-22 11:38:01 +02:00
|
|
|
|
|
|
|
sub get_clamd {
|
|
|
|
my $self = shift;
|
|
|
|
|
|
|
|
my $port = $self->{'_args'}{'clamd_port'};
|
|
|
|
my $host = $self->{'_args'}{'clamd_host'} || 'localhost';
|
|
|
|
|
2013-04-21 06:50:39 +02:00
|
|
|
if ($port && $port =~ /^(\d+)/) {
|
|
|
|
return new ClamAV::Client(socket_host => $host, socket_port => $1);
|
|
|
|
}
|
2012-06-22 11:38:01 +02:00
|
|
|
|
|
|
|
my $socket = $self->{'_args'}{'clamd_socket'};
|
2013-04-21 06:50:39 +02:00
|
|
|
if ($socket) {
|
|
|
|
if ($socket =~ /([\w\/.]+)/) {
|
|
|
|
return new ClamAV::Client(socket_name => $1);
|
2012-06-22 11:38:01 +02:00
|
|
|
}
|
2013-04-21 06:50:39 +02:00
|
|
|
$self->log(LOGERROR, "invalid characters in socket name");
|
2012-06-22 11:38:01 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
return new ClamAV::Client;
|
2013-04-21 06:50:39 +02:00
|
|
|
}
|
2012-06-22 11:38:01 +02:00
|
|
|
|
|
|
|
sub is_too_big {
|
|
|
|
my $self = shift;
|
|
|
|
my $transaction = shift || $self->qp->transaction;
|
|
|
|
|
|
|
|
my $size = $transaction->data_size;
|
2013-04-21 06:50:39 +02:00
|
|
|
if ($size > $self->{_args}{max_size} * 1024) {
|
|
|
|
$self->log(LOGINFO, "skip, too big ($size)");
|
2012-06-22 11:38:01 +02:00
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
2013-04-21 06:50:39 +02:00
|
|
|
$self->log(LOGDEBUG, "data_size, $size");
|
2012-06-22 11:38:01 +02:00
|
|
|
return;
|
2013-04-21 06:50:39 +02:00
|
|
|
}
|
2012-06-22 11:38:01 +02:00
|
|
|
|
|
|
|
sub is_not_multipart {
|
|
|
|
my $self = shift;
|
|
|
|
my $transaction = shift || $self->qp->transaction;
|
|
|
|
|
|
|
|
return if $self->{'_args'}{'scan_all'};
|
|
|
|
|
2013-04-21 06:50:39 +02:00
|
|
|
return 1 if !$transaction->header;
|
2012-06-23 05:37:42 +02:00
|
|
|
|
2012-06-22 11:38:01 +02:00
|
|
|
# Ignore non-multipart emails
|
|
|
|
my $content_type = $transaction->header->get('Content-Type') or return 1;
|
|
|
|
$content_type =~ s/\s/ /g;
|
2013-04-21 06:50:39 +02:00
|
|
|
if ($content_type !~ m!\bmultipart/.*\bboundary="?([^"]+)!i) {
|
|
|
|
$self->log(LOGNOTICE, "skip, not multipart");
|
2012-06-22 11:38:01 +02:00
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
return;
|
2013-04-21 06:50:39 +02:00
|
|
|
}
|